<?php
/**
 * DefaultController class.
 * DefaultController is to handle login, logout.
 * 
 * Yamii for Business 版权所有 @ 2010 - 2012.
 */
class DefaultController extends ApiController
{
	public function actionTest()
	{
		$applications = array(
			'app001' => '18e336ac6c9423d946ba02d19c6a2631', //randomly generated app key
		);
		$enc_request = $_REQUEST['key'];
		//get the provided app id
		$app_id = $_REQUEST['app_id'];
		
		$key = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $applications[$app_id], "{action:12, a:'2345'}", MCRYPT_MODE_ECB);
		print_r(base64_encode($enc));
		
		$decrypt = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $applications[$app_id], base64_decode($enc_request), MCRYPT_MODE_ECB);
		
		print_r(trim($decrypt));
	}
	
	public function actionIndex()
	{
		$this->_sendJSON(500, 'no API for business!');
	}
	
	/**
	 * Request parameters:
	 * email=?
	 * pass=? client should do: md5(password)
	 */
	public function actionLogin()
	{
		$email = Yii::app()->request->getParam('email', null);
		if (empty($email)) $this->_sendJSON(500, 'Parameter email is missing!' );
		$md5_password = Yii::app()->request->getParam('pass', null);
		if (empty($md5_password)) $this->_sendJSON(500, 'Parameter password is missing!' );
		
		// fetch password and username
		$sql_merchant = 'SELECT id, password, name, address, city, postcode, phone, country_code, currency_code,
			url_logo, url_site
			FROM tbl_merchant_account
			WHERE password IS NOT NULL AND email=:email';
		$connection = Yii::app()->db;
		$command = $connection->createCommand($sql_merchant);
		$row = $command->queryRow(true, array('email' => $email));
		$connection->active = false;
		
		if (empty($row)) {
			$this->_sendJSON(500, BUtils::T('login_error_msg'));
		} else {
			$hashed_password = BUtils::Hash32($md5_password);
			if ($hashed_password === $row['password']) {
				//create a hash key: Hash32(id + timestamp)
				$created_time = time();
				$key32 = BUtils::Hash32($row['id'] . $created_time);
				
				$connection = Yii::app()->db;
				$command = $connection->createCommand('DELETE FROM tbl_api_usage_merchant WHERE id_merchant=:id_merchant');
				$command->execute(array('id_merchant' => $row['id']));
				$command = $connection->createCommand('INSERT INTO tbl_api_usage_merchant (id_merchant, key32, created) VALUES(:id_merchant, :key32, :created)');
				$command->execute(array('id_merchant' => $row['id'], 'key32'=>$key32, 'created'=>$created_time));
				$connection->active = false;
				
				//logo
				$url_logo = 'http://yamii.fi/img/default_special_thumb.png';
				if (!empty($row['url_logo'])) {
					$url_logo = 'http://business.yamii.fi' . $row['url_logo'];
				}
				
				$merchant = array(
					'name' => (string)$row['name'],
					'address' => (string)$row['address'],
					'postal_code' => (string)$row['postcode'],
					'city' => (string)$row['city'],
					'phone' => (string)$row['phone'],
					'currency_code' => (string)$row['currency_code'],
					'country_code' => (string)$row['country_code'],
					'url_logo' => (string)$url_logo,
				);
				
				//send merchant hid, hkey
				$hashed_id = BUtils::Encrypt($row['id']);
				$this->_sendJSON(200, array('hid' => $hashed_id, 'key'=>$key32, 'merchant'=>$merchant));
			} else {
				$this->_sendJSON(500, BUtils::T('login_error_msg'));
			}
		}
	}
}